On 2010-02-22 at 10:52 -0800, John Nagle wrote:
> I'd like to know when, if ever, Exim's SPF checking will advance
> from "experimental" to "supported". It's been "experimental"
> for years. See "http://wiki.exim.org/SPF"
The RFC providing the SPF specification is experimental, so any
implementation is experimental and, perforce, susceptible to change.
Given that DKIM does everything SPF does, without some of the ancilliary
problems, and is on the IETF Standards Track, I suspect that the will to
make SPF anything more than "this exists, you can use it if you want but
if it breaks you get to keep both pieces" is unlikely to be found.
Look towards DKIM and ADSP; DKIM itself will let you start establishing
per-domain reputations and ADSP solves the same problem that SPF does
but with reduced risk of breaking forwarding -- of the (consensual
definition for) legitimate email systems, only mailing-list managers
which tamper with headers or content but don't re-sign will have
problems; it's a much smaller problem and easier to fix as part of
routine MLM updates.
-Phil
